This Metasploit module exploits an arbitrary command execution. AWStats configdir Remote Command Execution - Metasploit. : Changes to be compatible with new AWStats. The “Infektion Group”, a group of computer hackers believed to operate out of Brazil, has claimed credit for the attack and posted screenshots of the defacements.Ī Google search for the group found 26,000 matches, most of them being defaced sites. AWStats configdir Remote Command Execution: Posted Oct 30, 2009: Authored by Matteo Cantoni. As AWStats works from the command line but also as a CGI. Mainstream media sites have also been targeted, although it is not not known whether the AWstats exploit was a culprit, with reporting a similar attack, with 850 newspaper sites defaced. Once exploited, the remote attacker can execute arbitrary commands, as evidenced by the defacement perpetrated by the hacker group.īlog that have been hacked include Jeremy Zawodny and Russell Beattie. awstats: possible remote command execution vulnerability (iDEFENSE) Package: awstats Maintainer for awstats is Debian QA Group <> Source for awstats is src:awstats ( PTS, buildd, popcon ).CVE-2005-0436, Direct code injection vulnerability. According to the iDefense advisory, remote exploitation of an input validation vulnerability in AWStats allows attackers to execute arbitrary commands under the privileges of the Web server. Resolved issues CVE-2005-0437, Directory traversal vulnerability in in AWStats 6.3 and 6.4. awstats.cgi in AWStats before 7. service-http medium false Update Attempt 5445.0 AWStats configdir Command service-http high. The exploit is known as the “AWStats ‘configdir’ Remote Command Execution Exploit” and was publicly disclosed on January 17th, by security firm iDefense. Execute the upgrade command by typing the following: upgrade. Bloggers using the popular AWStats server statistical tool, often installed as standard with web hosting packages, should take caution following a number of blog breakins.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |